403 Forbidden on /api/v2/security/authorizations during high-concurrency load test

Need some help troubleshooting…

Context:
Ramping JMeter to 500 threads hitting /api/v2/security/authorizations to validate tokens. Getting 403 Forbidden with "reason": "access_denied" after ~200 requests, even though the JWT is valid.

Question:
Is there a hard rate limit on the security endpoint specifically, or is the load balancer dropping the connections?

It varies, but usually the 403 stems from the organization-specific rate limiting on security endpoints, not the load balancer. Premium apps hit stricter caps. Check the x-genesys-org-rate-limit headers. Implement exponential backoff in JMeter to avoid triggering the denial threshold during validation bursts.
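
The backoff the answer recommends, as an added example that is not part of the original thread: it retries only the 403/`access_denied` symptom from the question, records any headers under the `x-genesys-org-rate-limit` prefix without assuming their format, and uses capped exponential backoff with full jitter so 500 threads do not retry in lockstep. The function names, the `base`/`cap` values, the placeholder header and the stand-in endpoint are assumptions; the same logic can be ported to a JMeter scripting element.

```python
import random
import time

# Header-name prefix quoted in the answer; value formats are not assumed here.
RATE_LIMIT_PREFIX = "x-genesys-org-rate-limit"

def rate_limit_headers(headers):
    """Pick out response headers whose name starts with the prefix."""
    return {k: v for k, v in headers.items()
            if k.lower().startswith(RATE_LIMIT_PREFIX)}

def is_throttle_denial(status, body):
    """The symptom from the question: 403 with reason access_denied."""
    return status == 403 and body.get("reason") == "access_denied"

def backoff_delay(attempt, base=0.5, cap=30.0, rng=random):
    """Capped exponential backoff with full jitter (attempt starts at 0)."""
    return rng.uniform(0, min(cap, base * 2 ** attempt))

def call_with_backoff(send, max_attempts=6, sleep=time.sleep, rng=random):
    """Retry send() while it is throttled. Returns (status, delays, seen)."""
    delays, seen = [], []
    for attempt in range(max_attempts):
        status, headers, body = send()
        if not is_throttle_denial(status, body):
            break  # success, or a different error that retrying will not fix
        seen.append(rate_limit_headers(headers))
        if attempt < max_attempts - 1:  # no point sleeping after the last try
            delays.append(backoff_delay(attempt, rng=rng))
            sleep(delays[-1])
    return status, delays, seen

def constructed_endpoint(denials):
    """Constructed stand-in for the endpoint: denies `denials` calls, then 200."""
    state = {"left": denials}
    def send():
        if state["left"] > 0:
            state["left"] -= 1
            return (403, {"X-Genesys-Org-Rate-Limit-PLACEHOLDER": "constructed"},
                    {"reason": "access_denied"})
        return 200, {}, {}
    return send

if __name__ == "__main__":
    status, delays, seen = call_with_backoff(constructed_endpoint(3),
                                             sleep=lambda s: None)
    print(status, [round(d, 2) for d in delays], seen)
```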